Shellshock: What You Need to Know About the Bash Security Flaw

Category: Articles On 09-10-2014

Should you be worried about Shellshock?

Just a few months after the catastrophic Heartbleed bug, the technology world is “shocked” by yet another major security flaw, this time in the Bash command shell.

To the uninitiated, Bash is a piece of software that allows users and other applications to execute commands on Linux and Unix-based machines, as well as on Apple’s Mac OS X. Bash also supports variables — and that’s where the Shellshock bug lies.

You see, anything stored in a variable should be treated purely as data, not commands. But when a variable starts with a particular sequence of characters, “() { :;};”, which is typically used in function definitions, Bash incorrectly interprets the rest of the trailing data as commands to be executed.

To put it simply, it means an attacker can literally run any command on a target machine, so the negative possibilities are endless. No wonder The US National Vulnerability Database has given Shellshock the highest severity rating — 10/10.

The bug was believed to be introduced in Bash version 1.13, released way back in 1992 and has remained undiscovered until recently. The widespread adoption of Linux today means this long-standing bug is all over the place, affecting hundreds of millions of servers worldwide.

Your server could be one of them, so act quickly before it gets attacked by unscrupulous hackers. Here’s what you need to do, in a nutshell:

  1. Update Bash to the latest version
  2. Replace your SSH keys
  3. Change your login credentials

At Cxrus Solutions, we perform proactive updates and maintenance to ensure our customers are always on top of security flaws like this. If you’re having trouble with Shellshock, contact us and we’ll take swift action to help you recover from the bug.


5 years ago / No Comments






Tags: ,

Comments are closed here.